Tips for safe online shopping in the age of hackers

By Amy Kraft

Updated on: November 26, 2015 / 6:00 AM
/ CBS News

Nearly 135 million Americans will be shopping on Thanksgiving weekend according to a survey by the National Retail Federation. Although Black Friday and Cyber Monday are perfect times to buy gifts for the upcoming holidays, they are also the perfect time for hackers to steal customers' credit card and personal data.

"Security has now become a board room discussion in light of many breaches that occurred throughout 2014 and 2015," Derek Manky, Global Security Strategist at Fortinet, a network security company, said in an email. "The realization is that attacks will continue, and it is best to be proactively prepared."

Here's the latest expert advice to help you keep your data safe.

Limit your use of public WiFi

Public WiFi connections sound convenient, but they may contain malicious software set up to steal your information. "Do your shopping at work or at home," John Wilson, Field CTO for Agari, an email security company, said. If you must use public WiFi, Wilson advised to use a VPN to ensure that the connection is safe.

Use credit instead of debit

Credit cards are the safest option when shopping online because transactions are protected by the Fair Credit Billing Act, which allows users to dispute charges. According to Onguardonline.org, a website managed by the Federal Trade Commission, "In the event that someone uses your credit card without your permission, your liability generally is limited to the first $50 in charges. Some companies guarantee that you won't be held responsible for any unauthorized charges made to your card online; some cards provide additional warranty, return, and purchase protection benefits."

If your debit card is compromised, your liability jumps to $500 if you don't report the fraudulent charges within two business days according to the Federal Trade Commission. Liability is $0 if you report the card loss before any unauthorized transactions are made and $50 if you report the charges within two business days. Once you report the charges, your bank account will be frozen while the breach is being investigated.

Ensure you are accessing a legitimate site

The November 2015 issue of OUCH!, a monthly awareness newsletter for computer users, cautions shoppers about fake websites set up by criminals. "Criminals create these fake websites by copying the look of or using the name of well-known stores. They then use these websites to prey on people who are looking for the best deal possible. When you search online for the absolute lowest prices, you may be directed to one of these fake websites."

If you are unsure of a website, type the URL into Google search and look for reviews.

Wilson also advised to look up a domain on a search database such as domaintools.com to see how long a particular website has been registered. "I wouldn't want to be the first to use my credit card at a site that was registered two weeks ago," he said.

Use your body to unlock your phone

Look for security features in a website address

A padlock symbol in the address bar ensures that your connection to the website is secure and the data that is being collected is safe. Ryan Kalember, SVP of Cybersecurity Strategy at Proofpoint, a security company, said in an email. "Look for 'https' when making online purchases. The 's stands for 'secure' and indicates communication with the page is encrypted. This helps ensure your information is tran'smitted safely to the merchant."

Make sure operating systems are up to date

Make sure that your web browser and operating systems are up-to-date before shopping online. Criminals can take advantage of bugs in operating systems and programs to install malware onto your device. "Keeping all patches current plugs security holes that attackers often leverage to get into systems," Kalember said.

Use two-step authentication

Most email programs and a number of large retailers have added two-step authentication options for logging in. This is an easy and cost effective way to secure yourself when online shopping. "The password alone is dead and can be easily cracked, hacked or even guessed by using modern offensive security tools," Kalember said. "With two-factor authentication, users can enter a one-time code generated from a soft-token application on their phone and device to add that extra layer of security."

Embrace store apps

Store apps are a safe way to do your online shopping provided you download the application from a reputable source such as the Apple store or the Google Play store. Store apps usually have an additional layer of security and encryption to ensure that a customer's information is safe. "They're much safer because you know that you are talking to the store's back-end," Wilson said. There's also a lesser chance that you'll accidentally type in a wrong URL, he added.

You will be prepared and secure with this list of tools and precautions at your fingertips. So go forth and shop.